Upstream information

CVE-2008-7256 at MITRE

Description

mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having not set severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 1.2
Vector AV:L/AC:H/Au:N/C:N/I:N/A:P
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Note from the SUSE Security Team

This bug does not affect us as CONFIG_SECURITY=y in all our shipping kernel configurations.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.